Asia Pacific | Financial services

OJK Regulation No. 38 of 2016 (POJK 38)

The Otoritas Jasa Keuangan ("OJK") is responsible for the inspection and supervision of activities in the banking, capital markets and financial services sectors in Indonesia. The OJK seeks to protect the interests of consumers, and promote prosperity and competition in the financial services industry.

OJK Regulation No. 38 of 2016 The Application of Risk Management in the Use of Information Technology by Commercial Banks ("POJK 38") addresses how commercial banks can apply risk management effectively when outsourcing their information technology activities. POJK 38 provides specific guidance on the contents of the outsourcing agreement, due diligence, monitoring performance, contingency planning, audit and information access rights.

Google Cloud's contracts for financial institutions in Indonesia address the requirements in POJK 38. We have also created mappings to the guidelines for both GCP and Google Workspace to assist you with understanding how we can support you with meeting the requirements and assess us as an outsourced service provider. Google Cloud is committed to addressing these requirements regardless of how financial institutions choose to use our services.

ISO/IEC 27001

Learn more

ISO/IEC 27017

Learn more


Learn more